Control who can do what within your organization, and maintain a complete, tamper-evident record of every action taken on the platform. Truthlocks RBAC ensures that the right people have the right access — nothing more, nothing less.
Role-Based Access Control (RBAC) means each team member is assigned a role that defines exactly what they can see and do. Instead of giving everyone full admin access, you give each person the minimum permissions they need to do their job.
Invite team members via email with specific roles. Remove access instantly when someone leaves the organization. Manage permissions from the Console or via the API.
The platform enforces role boundaries at the API level. An Operator cannot escalate to Admin permissions, and a Viewer cannot modify resources — even through the API.
For sensitive operations like key rotation, issuer deletion, or bulk revocation, require multi-party approval from designated governance reviewers before execution.
API keys can be scoped to specific permissions and issuers. A key created for minting cannot be used to revoke attestations or modify settings.
Configure session timeout policies, enforce re-authentication for sensitive actions, and revoke active sessions for any team member instantly.
Enterprise customers can integrate with SAML/OIDC single sign-on providers and use SCIM for automated user provisioning and deprovisioning from your identity provider.
Every action on the Truthlocks platform is recorded in a tamper-evident audit log. Unlike traditional application logs, Truthlocks audit events are cryptographically chained using SHA-256 hashes — if any entry is modified or deleted, the chain breaks and the tampering is immediately detectable.
Audit logs are designed for compliance teams, security officers, and regulators who need to understand exactly who did what, when, and from where.
Authentication Events: login, logout, failed attempts, session creation, API key usage
Attestation Operations: mint, revoke, supersede, verify — with full request context
Team Changes: member invited, role changed, member removed, permissions updated
Key Lifecycle: key generated, rotated, compromised, retired — linked to affected attestations
Configuration Changes: webhook updated, API key created/revoked, governance policy modified
Governance Actions: approval request created, approved, rejected, executed
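The hash chaining described above, shown as an added example rather than Truthlocks' own code or event schema: each entry records the SHA-256 of its predecessor, so a verifier walking the chain finds the first entry that was modified or dropped. The event fields and the ordering of the sample entries are constructed for illustration.

```python
import copy
import hashlib
import json

# Constructed example, not Truthlocks' real event schema: each entry stores the
# SHA-256 of its predecessor, so any edit or deletion breaks the chain.
GENESIS = "0" * 64

def entry_hash(prev_hash: str, event: dict) -> str:
    # Deterministic JSON so the same event always hashes the same.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(chain: list, event: dict) -> list:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "event": event, "hash": entry_hash(prev, event)})
    return chain

def verify(chain: list):
    """Walk the chain; return (True, None) or (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    return True, None

def build_sample_chain() -> list:
    # Constructed sample events mirroring the categories listed above.
    chain = []
    append(chain, {"seq": 1, "actor": "alice", "action": "login", "ip": "203.0.113.5"})
    append(chain, {"seq": 2, "actor": "alice", "action": "member.role_changed", "target": "bob", "role": "Operator"})
    append(chain, {"seq": 3, "actor": "bob", "action": "attestation.mint", "id": "att-0001"})
    append(chain, {"seq": 4, "actor": "bob", "action": "key.rotated", "key": "k-7"})
    return chain

def simulate_modification(chain: list) -> list:
    # A recorded role change is rewritten after the fact; its hash no longer matches.
    forged = copy.deepcopy(chain)
    forged[1]["event"]["role"] = "Admin"
    return forged

def simulate_deletion(chain: list) -> list:
    # Dropping an entry leaves its successor pointing at a hash that no longer precedes it.
    return chain[:2] + chain[3:]

if __name__ == "__main__":
    log = build_sample_chain()
    print(verify(log), verify(simulate_modification(log)), verify(simulate_deletion(log)))
```

Chaining alone only lets someone holding an independent copy of the latest hash detect a rewrite; in practice the head hash is anchored outside the log (signed or published) so that re-hashing the whole chain is also detectable.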
RBAC and audit logging work together to satisfy the access control and record-keeping requirements of major compliance frameworks.
SOC 2: access control, logging, monitoring
GDPR: data access audit, right to access
HIPAA: access logs, minimum necessary
ISO 27001: A.9 Access control, A.12 Operations
Start enforcing granular access control and maintaining tamper-evident audit trails across your entire organization.